Tuesday, February 26, 2013

The Guardian has a tremendous article about How Beppe Grillo's social media politics took Italy by storm. More accurately, it is the story about how Grillo used social media to spread his message of radical populism. Grillo's message resonated with an electorate who feels it has been betrayed by traditional leaders, both political and media. Therefore, social media was the logical tool for spreading Grillo's message.

Head on the internet, and feet on the ground, as Grillo himself puts it.

So what does this mean for the developer of software tools for the federal market? Presumably you have a Facebook page, or a Google Plus page, or at least a Twitter account. Wherever you have established your online presence, you have identified your community. So, when you have an event, invite your followers.

Realistically you can't hold a rally and have thousands of people cheering for your software tools, or web widgets. But you can generate a steady flow of traffic to your booth at the trade show and/or guarantee a full room when you present at a conference or the monthly meeting of a user group. For purposes of building a prosperous company, that is sufficient.

Wednesday, February 20, 2013

Have you noticed those manipulative Facebook posts, "like" if you hate cancer and so forth? It seems that the more "likes" your posts receive, the higher your EdgeRank. What is EdgeRank you ask?

EdgeRank is an algorithm developed by Facebook to govern what is displayed—and how high—on the News Feed.

Just because someone has "friended" you, it does not follow that you will get to see their posts. Facebook has a complicated algorithim that decides what goes into your feed. You don't see all the material that has been posted by your friends and the pages you have "liked." Facebook, not you, decides what you really like.

So, if you want to build a page with a very high EdgeRank, you post manipulative posts asking readers to support a cure for cancer.

Businesses worldwide are trying to figure out how to best utilise platforms like Facebook, Twitter and Google Plus (haha, na I’m just kidding about Google Plus). They know that EdgeRank, likes, brand exposure and followers are important, even if they don’t know exactly why or what to do with it.

So a social media consultant manufactures a page with a high edgerank and sells it to some business who wants a page with high EdgeRank, but does not know how to build it.
You know what would be cheaper and more effective than buying a pre-fab fan page from a social media consultant? Building a page on Facebook, putting interesting content on that page, and then buying advertising from Facebook to generate traffic, and ultimately EdgeRank. Sometimes paying the Facebook toll is the superior solution.

Clearly, much depends upon how this is implemented. I would encourage all those who are interested to participate in the process. Now is the time to speak out, before the Executive Order is implemented.

I would draw particular attention to Section 7:

Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. (a) The Secretary of Commerce shall direct the Director of the National Institute of Standards and Technology (the "Director") to lead the development of a framework to reduce cyber risks to critical infrastructure (the "Cybersecurity Framework"). The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Cybersecurity Framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible. The Cybersecurity Framework shall be consistent with voluntary international standards when such international standards will advance the objectives of this order, and shall meet the requirements of the National Institute of Standards and Technology Act, as amended (15 U.S.C. 271 et seq.), the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113), and OMB Circular A-119, as revised.

What goes into the frame work and what is left out will determine what sort of cyber culture we will live with. And by "we" I don't merely mean Americans, this framework is sure to affect the entire industry.

The Executive Order clearly requires a consultative process that will include a public comment process. Section 5 sets for the privacy and civil liberties protections that are to be based on the Fair Information Practice Principles. Privacy and civil liberties advocates would be well advised to familiarize themselves with these principles.

I would also note the deadlines the Executive Order establishes (listed in order of the deadlines):

Within 90 days of the publication of the preliminary Framework, these agencies shall submit a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the Director of OMB, and the Assistant to the President for Economic Affairs, that states whether or not the agency has clear authority to establish requirements based upon the Cybersecurity Framework to sufficiently address current and projected cyber risks to critical infrastructure, the existing authorities identified, and any additional authority required.

(b) If current regulatory requirements are deemed to be insufficient, within 90 days of publication of the final Framework, agencies identified in subsection (a) of this section shall propose prioritized, risk-based, efficient, and coordinated actions, consistent with Executive Order 12866 of September 30, 1993 (Regulatory Planning and Review), Executive Order 13563 of January 18, 2011 (Improving Regulation and Regulatory Review), and Executive Order 13609 of May 1, 2012 (Promoting International Regulatory Cooperation), to mitigate cyber risk. The Secretary shall coordinate establishment of a set of incentives designed to promote participation in the Program.

Within 120 days of the date of this order, the Attorney General, the Secretary of Homeland Security (the "Secretary"), and the Director of National Intelligence shall each issue instructions consistent with their authorities and with the requirements of section 12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity.

(c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors.

Within 120 days of the date of this order, the Secretary and the Secretaries of the Treasury and Commerce each shall make recommendations separately to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, that shall include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants in the Program.

(e) Within 120 days of the date of this order, the Secretary of Defense and the Administrator of General Services, in consultation with the Secretary and the Federal Acquisition Regulatory Council, shall make recommendations to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration. The report shall address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.

Sec. 9. Identification of Critical Infrastructure at Greatest Risk. (a) Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security. In identifying critical infrastructure for this purpose, the Secretary shall use the consultative process established in section 6 of this order and draw upon the expertise of Sector-Specific Agencies.

(e) Within 240 days of the date of this order, the Director shall publish a preliminary version of the Cybersecurity Framework (the "preliminary Framework"). Within 1 year of the date of this order, and after coordination with the Secretary to ensure suitability under section 8 of this order, the Director shall publish a final version of the Cybersecurity Framework (the "final Framework").

(c) Within 2 years after publication of the final Framework, consistent with Executive Order 13563 and Executive Order 13610 of May 10, 2012 (Identifying and Reducing Regulatory Burdens), agencies identified in subsection (a) of this section shall, in consultation with owners and operators of critical infrastructure, report to OMB on any critical infrastructure subject to ineffective, conflicting, or excessively burdensome cybersecurity requirements.

I trust that those tasked with creating the Framework will follow the excellent example of the Federal XML Work Group by setting up a website where the rest of us can follow their work. It is particularly important that the minutes of their meetings be posted in a timely manner and that their email discussion groups be publicly posted. This will build trust and increase the chances of a smooth adoption and implementation of whatever Framework is established.

As we all know, a certain James Carter chanced upon it while surfing YouTube. Carter forwarded the video to a reporter at Mother Jones Magazine, and the rest is history. Carter did this as a Democrat, and a loss leader for his political consulting business. So if anyone wants to know the value of what we do, here it is. We take content that would other wise remain obscure and pitch it to someone, traditional media or online community, where people would be interested. It is very similar to traditional media relations, where you take a client's story and pitch it to the news organization that would be interested.

Noting the existence of more than one fake Ryanair account on Facebook and Twitter, which have significant consumer followings, Kiely said: 'A Facebook account would not be helpful to us, as we would have so many people looking for a response.'

He called the social network a 'two-way tool' and said maintaining a dedicated account would probably mean 'hiring two more people just to sit on Facebook all day'.

Presumably, responding to the public is what a company hires a communications chief to do. Or does he suppose that he can just issue statements to the traditional news media, which they would duly print, and take no account of the general public, also known as Ryanair's customers and potential customers?

If responding to the public requires you set up a Facebook account and respond to their concerns all day, then that is what you need to do.

Friday, February 01, 2013

If you want to write a press release that actually gets placed with a news organization, don't model your news release on other news releases, model it on the style of the news organizaton you want ot place it with. If you want to place your story in the Washington Post, write like the stories you see in the Washington Post.

If you go to a trade show you will see hundreds of press releases, and they all read the same. It is truly a pity, because most of them have interesting stories to tell.

Too many press releases are written to be professional looking rather than newsworthy. If you put the phrase "leading provider of" in the first paragraph, you need to rewrite your release. Describe your company in the simplest way possible, say you are a content management company, or financial software company, or SaaS provider, or something the reader can easily understand.

Put your news in the headline or at least the first paragraph. It is astonishing how often this obvious technique is overlooked.

Here is an easy test to find out whether your news release is effective, give to a friend or family member and ask if they understand it. If they don't, it needs to be rewritten. Even the most technical stories can be communicated to a lay audience.

No one will struggle to understand what your product or service does. No one will struggle to understand why it is newsworthy.